From 934a5eec51f7d1b67050a546c1f194a4277fc45a Mon Sep 17 00:00:00 2001
From: verboomp
Date: Tue, 20 Jan 2026 15:50:46 +0100
Subject: [PATCH] added init db security setup
---
.../core/db/migration/V1__init.sql | 24 +++++-
.../hartmann/fotodocumentation/Dummy.java | 22 ------
.../fotodocumentation/SecurityGenerator.java | 77 +++++++++++++++++++
3 files changed, 100 insertions(+), 23 deletions(-)
delete mode 100644 hartmann-foto-documentation-app/src/test/java/marketing/heyday/hartmann/fotodocumentation/Dummy.java
create mode 100644 hartmann-foto-documentation-app/src/test/java/marketing/heyday/hartmann/fotodocumentation/SecurityGenerator.java
diff --git a/hartmann-foto-documentation-app/src/main/resources/marketing/heyday/hartmann/fotodocumentation/core/db/migration/V1__init.sql b/hartmann-foto-documentation-app/src/main/resources/marketing/heyday/hartmann/fotodocumentation/core/db/migration/V1__init.sql
index c64fd2c..2bd1155 100644
--- a/hartmann-foto-documentation-app/src/main/resources/marketing/heyday/hartmann/fotodocumentation/core/db/migration/V1__init.sql
+++ b/hartmann-foto-documentation-app/src/main/resources/marketing/heyday/hartmann/fotodocumentation/core/db/migration/V1__init.sql
@@ -73,4 +73,26 @@ create table picture (
 jpa_updated timestamp NOT NULL,
 jpa_version integer NOT NULL,
 customer_id_fk bigint REFERENCES customer
-);
\ No newline at end of file
+);
+
+
+// initial users
+
+insert into x_right (right_id, code, name,jpa_active,jpa_created,jpa_updated,jpa_version) VALUES
+ (1, 'ADMIN', 'Admin Right', true,TIMESTAMP '2026-01-20 10:09:30.009',TIMESTAMP '2026-01-20 10:09:30.009',0),
+ (2, 'USER', 'User Right', true,TIMESTAMP '2026-01-20 10:09:52.797',TIMESTAMP '2026-01-20 10:09:52.797',0)
+ ;
+
+ // nvlev4YnTi
+ // x1t0e7Pb49
+
+INSERT INTO x_user (user_id,username,password,salt,title,firstname,lastname,email,jpa_active,jpa_created,jpa_updated,jpa_version)
+VALUES
+ (1,'hartmann','vPsg/G5xQWoJTOA0r9b9HPTEAzMktKg7fKCrnmHYcyQ=', '9bARmw6zzbXPg4qdbj5RAe2OlJ9mz0Lpq3ZKJlg8Iug=','Herr','Hartmann','Admin','admin@heyday.marketing',true,TIMESTAMP '2026-01-20 10:09:52.000',TIMESTAMP '2026-01-20 10:09:52.000',0),
+ (2,'adm','eXlSEtLDfqos/w0DqPQiVoJHVEQaqLwD7qeDx74Onmk=','vajK924ZRXNWmt9GkcK/BO/Oc1bYp582MJ47HzsXyzA=','Herr','Hartmann','adm','adm@heyday.marketing',true,TIMESTAMP '2026-01-20 10:09:52.000',TIMESTAMP '2026-01-20 10:09:52.000',0);
+
+
+INSERT INTO user_to_right (user_id_fk,right_id_fk)
+VALUES
+ (1,1),
+ (2,2);
diff --git a/hartmann-foto-documentation-app/src/test/java/marketing/heyday/hartmann/fotodocumentation/Dummy.java b/hartmann-foto-documentation-app/src/test/java/marketing/heyday/hartmann/fotodocumentation/Dummy.java
deleted file mode 100644
index 460f86a..0000000
--- a/hartmann-foto-documentation-app/src/test/java/marketing/heyday/hartmann/fotodocumentation/Dummy.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package marketing.heyday.hartmann.fotodocumentation;
-
-import org.junit.jupiter.api.Test;
-
-/**
- *
- *
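Review bot: The two comment lines `// nvlev4YnTi` and `// x1t0e7Pb49` above the `x_user` insert look like the plaintext passwords behind the seeded hashes (they match the 10-character alphanumeric length SecurityGenerator produces), and committing them puts working credentials for the `hartmann` admin and `adm` accounts into version control. Drop both lines and treat those two passwords as compromised. It would also be safer to seed the accounts per environment, or force a password change at first login, rather than ship one shared admin hash in `V1__init.sql` to every deployment. Separately, `//` is not a SQL comment marker, so `// initial users` is likely to fail the migration; use `-- initial users`.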

Copyright: Copyright (c) 2024

- *

Company: heyday Marketing GmbH

- * @author Patrick Verboom
- * @version 1.0
- *
- * created: 20 Jan 2026
- */
-
-public class Dummy {
-
- @Test
- public void test() {
-
- }
-
-}
diff --git a/hartmann-foto-documentation-app/src/test/java/marketing/heyday/hartmann/fotodocumentation/SecurityGenerator.java b/hartmann-foto-documentation-app/src/test/java/marketing/heyday/hartmann/fotodocumentation/SecurityGenerator.java
new file mode 100644
index 0000000..c78b3b0
--- /dev/null
+++ b/hartmann-foto-documentation-app/src/test/java/marketing/heyday/hartmann/fotodocumentation/SecurityGenerator.java
@@ -0,0 +1,77 @@
+package marketing.heyday.hartmann.fotodocumentation;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+import java.nio.charset.Charset;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.Base64;
+import java.util.Base64.Encoder;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.jupiter.api.Test;
+
+/**
+ *
+ *

Copyright: Copyright (c) 2024

+ *

Company: heyday Marketing GmbH

+ * @author Patrick Verboom
+ * @version 1.0
+ *
+ * created: 20 Jan 2026
+ */
+
+public class SecurityGenerator {
+ private static final int GENERATE_LENGTH = 10;
+ private static final int SALT_LENGTH = 32;
+
+ @java.lang.SuppressWarnings("java:S2245")
+ public String generatePassword() {
+ return RandomStringUtils.randomAlphanumeric(GENERATE_LENGTH);
+ }
+
+ public byte[] createSalt() {
+ byte[] salt = new byte[SALT_LENGTH];
+ SecureRandom random = new SecureRandom();
+ random.nextBytes(salt);
+ return salt;
+
+ }
+
+ public byte[] createPassword(String password, String salt) throws NoSuchAlgorithmException {
+ byte[] saltBytes = salt.getBytes(Charset.forName("utf-8"));
+ return createPassword(password, saltBytes);
+ }
+
+ public byte[] createPassword(String password, byte[] salt) throws NoSuchAlgorithmException {
+ MessageDigest md = MessageDigest.getInstance("SHA-256");
+ byte[] passwordBytes = password.getBytes(Charset.forName("utf-8"));
+ md.update(passwordBytes);
+ md.update(salt);
+
+ return md.digest();
+ }
+
+ public String encode(byte[] hash) {
+ Encoder encoder = Base64.getEncoder();
+ return encoder.encodeToString(hash);
+ }
+
+ @Test
+ public void test() throws NoSuchAlgorithmException {
+ String password = generatePassword();
+ assertNotNull(password);
+
+ byte[] salt = createSalt();
+ String saltHash = encode(salt);
+
+ byte[] passwordByte = createPassword(password, salt);
+ String passwordHash = encode(passwordByte);
+
+ System.out.println("Password " + password);
+ System.out.println("PasswordHash " + passwordHash);
+ System.out.println("saltHash " + saltHash);
+ }
+
+}
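Review bot: `createPassword(String, byte[])` derives the stored value from a single salted SHA-256 digest, which is cheap enough to be guessed at very high rates if the `x_user` table ever leaks; password storage should go through a deliberately slow KDF. The JDK's `PBKDF2WithHmacSHA256` needs no new dependency, as sketched below; the application's login check (not visible in this patch) and the hashes seeded in `V1__init.sql` would have to be regenerated with the same parameters. The suppressed `java:S2245` on `generatePassword()` deserves the same look: drawing the characters from `SecureRandom`, as `createSalt()` already does, removes the need for the suppression. `test()` also prints the generated password to stdout, so it lands in build logs whenever the test suite runs.

```java
private static final int PBKDF2_ITERATIONS = 600_000; // cost factor; must match the verifier
private static final int HASH_BITS = 256;

public byte[] createPassword(String password, byte[] salt) throws NoSuchAlgorithmException {
    PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, PBKDF2_ITERATIONS, HASH_BITS);
    try {
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    } catch (InvalidKeySpecException e) {
        throw new IllegalStateException("PBKDF2 derivation failed", e);
    } finally {
        // wipe the char[] copy of the password held by the spec
        spec.clearPassword();
    }
}
```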